1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft AI researchers leaked 38TB worth of private company dat

    From TechnologyDaily@1337:1/100 to All on Tue Sep 19 13:15:03 2023
    Microsoft AI researchers leaked 38TB worth of private company data

    Date:
    Tue, 19 Sep 2023 13:04:47 +0000

    Description:
    Cybersecurity researchers found an unprotected Microsoft Azure database - luckily, no one seems to have found it before.

    FULL STORY ======================================================================

    They say misconfigured cloud storage is the leading cause of data leaks these days, and Microsofts latest slip-up is the perfect example.

    Cybersecurity researchers from Wiz discovered a huge, unlocked database, hosting sensitive information on hundreds of people, including private keys and passwords.

    The database, as it turned out, belonged to Microsofts researchers working on Artificial Intelligence ( AI ). The good news is that the database was locked before any hackers could get to it. Oops! Our bad

    As Wizs researchers explained, they were investigating accidental
    cloud-hosted data exposure when they found a Microsoft GitHub repository with open-source code for AI models, to be used for image recognition. The models were hosted on an Azure Storage URL, but due to obvious human error, the storage also held data that no one should have access to.

    That data includes 38 terabytes of information, including backups of two Microsoft employees computers, passwords to Microsoft services, and more than 30,000 Teams chat messages exchanged by Microsoft employees. The storage account wasnt accessible directly, the researchers explained. Instead, Microsofts AI team generated a shared access signature token (SAS) that granted too many permissions. With SAS tokens, TechCrunch explains, Azure users can generate shareable links for Azure Storage account data.

    Wiz notified Microsoft of its findings on June 22, and the SAS token was revoked two days later. It took the company almost three weeks to run a thorough investigation, after which it concluded that the data hadnt been accessed by any unauthorized third parties, TechCrunch said .

    To make sure these things dont happen again, Microsoft expanded GitHubs
    secret spanning service, which tracks all public open-source code changes for credentials and other secrets exposed in plaintext.

    Unfortunately, unsecured databases are a common occurrence. Earlier this
    year, a relatively popular Android voice chat app, OyeTalk, did the same thing. It was using Googles Firebase mobile application development platform, which also offers cloud-hosted databases. According to researchers from Cybernews, OyeTalks Firebase instance was not password-protected, meaning its contents were available for all to see. More from TechRadar Pro Google Ads
    are being hijacked to serve up dangerous malware Here's a list of the best endpoint protection services Looking for a good firewall? Here are the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-ai-researchers-leaked-38tb-wo rth-of-private-company-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)